The World Wide Web provides opportunities for the sharing of resources on an almost unlimited scale. Many software products support the creation of grids of interconnected resources. In conjunction with the grids, the software products enable businesses to access more computer capacity over the Internet on demand. The goal of developers for such software products is to provide users with a seamless flow of information and business processing.
One group of such software products is IBM's WebSphere®. WebSphere® encompasses tools for developing e-business applications and middleware for running Web Applications. WebSphere® Application Server (WAS) software deploys, integrates, executes and manages e-business applications (hereafter applications) from a network of application servers. WAS runs on a web server, a software program capable of servicing Hypertext Transfer Protocol (HTTP) requests. WAS is a Java 2 Platform, Enterprise Edition (J2EE), and its core components are Enterprise Java Beans (EJBs), Java Server Pages (JSPs), Java servlets and interfaces linking databases.
WAS deploys applications from a network of application servers. Typically, the network of application servers consists of peer servers where each of the servers in the network communicates with each other at the same level. These peer servers may include one or more clusters of application servers. A server cluster consists of a group of servers that are typically on different machines and have the same applications configured within them, but operate as a single logical server. Application servers in a cluster are configured to act as backup servers for user-session data. Memory to memory replication of data is performed using Java Message Service (JMS). A server cluster may be a group of clone servers where each server is an identically configured copy of an application server that may be used for workload management purposes.
WAS deploys applications over the Internet responsive to a request sent from a user's remote client computer using the client's web browser. The request contains the user's unique internet protocol (IP) address. When the client's web browser sends the request to the network of servers, one of the servers will run the application and make the application available to the remote client computer. The application may consist of a single resource or it may be a bundle of resources such as Java 2 Platform, Enterprise Edition (J2EE) application with numerous servlets and Enterprise Java Beans (EJBs).
WAS also manages the workload created by client requests. Load balancing is the monitoring of application servers and management of the workload on the servers. If one server exceeds its workload, requests are forwarded to another server with more capacity. One method by which WAS allocates requests among the peer servers on the network is through an intelligent workload router (IWR) that employs rules to decide which server receives a request. IBM's Network Dispatcher component, Content Based Routing (CBR) is one example on an IWR.
In order for the user to access the application from the remote client computer, the user's browser makes a protocol request to a WAS application server, and the server parses the protocol request to determine whether it has the application requested by the browser. When the server has the necessary application installed, there is no problem. However, a problem arises when a request is sent to an application server that does not have the necessary application running. The server must first install the application, and may have to fetch the application before it can be installed. Methods to start up applications asynchronously and remotely are known. However, the period of time that it takes to deploy the application causes an undesirable delay in the response time of the application server. Therefore, it is desirable to eliminate delay in commencement of the user session.
A solution to this problem is for the server, receiving a request but not having the necessary application running, to act as a proxy and to send the request to a peer server that has the application installed. Knowledge of which server has the necessary application installed may be obtained from a registry showing the applications that are installed on each of the servers. A registry is a repository that contains access and configuration information for users, systems, and software, and the use of such repositories is known. Such a registry may be provided by a central registry service which maintains peer servers and the resources available on those servers. In addition, proxying among peer servers is also known.
In addition to finding a peer server with the application running, the client request could be proxied to a peer server only for as long as necessary for the requesting server to install the required application. Once the requesting server has the necessary application installed, it could then process requests for the client throughout the remainder of the session. The temporary handing off to the peer server would be transparent to the client and to the IWR. The ability to proxy requests off and to alter the session information to have the client send requests back to the proxy is known. In addition, the ability to replicate connection session information across multiple servers is known.
When WAS makes an application available to the user's browser on the remote client computer an HTTP session is established. Connection information is created during the HTTP session which helps the server to maintain information about the remote client computer's requests. In WAS, a session is a series of requests to a servlet originating from the same user at the same browser. The servlets are Java programs that run on a Web server and extend the server's functionality by generating dynamic content in response to requests. A WAS Web server plug-in supports the Web server in communicating requests for the servlets, to the application server. In J2EE a session is an object used by a servlet to track a user's interaction with a Web application across multiple HTTP requests. An important component of the connection information is establishment of server affinity so that all requests during the session will go to the server that is providing the application from the user's initial access until the user exits the application.
Server affinity is important because many applications encountered on the Internet today, including “shopping carts” and home banking applications require that the current status of the application or “state” be maintained during the session. In other words, each request for a new web page in an application may require knowledge of the previous pages. Programmers have made provisions for maintaining state during a session in various ways including application programming interfaces (APIs) and cookies. The passing of the session information, and the shifting of subsequent requests from the user to the computer that received the session information is known as affinity. Thus when the request is sent to a server, the affinity information in the session information will ensure that the client will connect to the same server for all transactions during the session. However, once a server is assigned to the request, for those applications requiring that state be maintained, server affinity must be maintained during the time that the user at the remote client computer accesses the requested application, until the user exits the application.
Server affinity is maintained by making a unique server identifier a component of the session information. Some options available to maintain application state based on server affinity by making a unique server identifier part of session information are: (1) stickyness to source IP address, (2) SSL session identifiers, cookies, and URL rewriting. The suitability of each will be discussed below.
Stickyness to a source IP address is enabled by configuring the clustered port to be sticky. In doing so, all subsequent connections from the same source IP address are dispatched to the same server until the session ends, or until a configurable timeout period expires. This affinity strategy has some disadvantages. Some Internet Service Providers (ISPs) use proxies which collapse many client connections into a small number of source IP addresses. A large number of users who are not part of the session will be connected to the same server. Other proxies use a pool of user IP addresses chosen at random, even for connections from the same user, invalidating the affinity. These disadvantages weigh against using stickiness for the proposed proxy solution.
If clients are using Secure Sockets Layer (SSL) connections to the Web Server, then an SSL session identifier may be used. The SSL session identifier is generated from the SSL session information and is defined by the connection between the browser and Web server. Connecting to another Web server will reset the SSL connection and a new SSL session identifier will be generated. If the web server crashes, the user will lose the session. The session will continue to exist in the application server but the user will not have the correct SSL session identifier. If the application server crashes, then as long as persistent sessions are in use, the session will not be lost to the user. The disadvantages of the SSL session identifier weigh against its use for the proposed proxy solution.
Cookies have the advantage that the browser can be connected to any web server and there will be no effect on the session. A session identifier in the cookie is used by a server to locate the corresponding session. Cookie session identifiers will survive a web server crash and, provided persistent sessions are enabled, will also survive unavailability of the application server. The session lifetime is governed by the cookie lifetime. Once the session identifier in the cookie is set, a browser will send the cookie for all subsequent requests until the cookie expires. Cookies are the preferred way to communicate session information, and meet the requirements of the proposed proxy solution.
In WebSphere®, URL rewriting (or URL encoding) does not require users to enable cookies in their browsers, and yet still allows management of sessions. The process of setting up URL rewriting is not transparent to the Web application. It requires a developer to include specific commands to append the session information to the end of any HTTP link that will be used from the Web browser. Rewriting the URLs can only be done on dynamic HTML that is generated within WebSphere®. Session information will be lost if static HTML links are accessed, restricting the flow of site pages to dynamic pages only. From the first page, the user receives a session identifier and the Web site must continue using dynamic pages until the completion of the session. The only situation in which URL encoding excels over cookies is when users have not enabled cookies in their browsers, and in such a situation, URL encoding would be a suitable option for the proposed proxy solution.
In WAS, session affinity is maintained by appending a unique server identifier to the session identifier. When an HTTP session is created, its session identifier is passed back to the browser as part of a cookie or URL encoding. When the browser makes further requests, the cookie or URL encoding will be sent back to the Web server. The Web server plug-in examines the HTTP session identifier, in the cookie or URL encoding, and extracts the unique server identifier of the server handling the session, and forwards the request. The affinity information is stored in the session information object, ties the user to that particular server, and gives subsequent requests from that user to the proxy server.
In WAS, a client cookie has four parts: a cache identifier, a session identifier, a separator, and a server identifier. For example, a client cookie may be written as:
0001IWNTSHSZWWQFEPVNBOI5KY:t6tb10f8
The first four characters are used to identify the cache. When using cookies or URL rewriting, the characters before the “:” are used for the session identifier. The “:” is the separator. The last section, after the separator is used to point to the server which holds the session (the server identifier). Session information may comprise the session identifier, the last accessed time, the creation time, and the session-tracking mechanism.
However, when the request is sent to the peer server, the session information is also sent to the peer server, and when the request is returned to the proxy, the session information will contain affinity information that will cause follow on requests to continue to go to the peer server rather than to the requesting server. Therefore, the peer server will continue to get requests from the client web browser in addition to all of the requests that it would normally receive from the intelligent workload router. Such a routing will interfere in workload management. For example, the proxy server will receive the requests allocated to it by the IWR, and in addition, will receive the requests sent to it because the requesting server did not have the application running. Because the handover is a permanent handover for that session, the requesting server interferes in the workload management of the IWR.
Therefore, a need arises for a way to balance the resources by handing off a request to a peer server when necessary, but getting the session back to the originating server when it is ready to handle the request so that subsequent requests from the user will go to the originating server as soon as it is able as though no handing off had taken place. With such a capability the originating server would only pass off a request to a peer server until it had the application loaded and was able to process further requests, and at that time requests would no longer be sent to the proxy server. In such a situation, a need exists for a way to make a temporary and transitory handoff to a peer server without losing affinity to the requesting server.